A few years ago I noticed an annoyance with a soundbar I had. After allowing it onto my WiFi network so we could stream music to it, it still broadcast the setup WiFi network.

While dorking around one day, I ran a port scan on my network the soundbar reported the port was open. I was able to log in as root and no password.
After a moment of “huh, that’s terrible security.” I connected to the (publicly open) setup network and successfully logged into ssh and copied the wpa_supplicant.conf file from the device and verified it had my WiFi info available to anyone with at least my mediocre skill level, and factory reset the device, never to entrust it with credentials again.